I am a .NET developer and I code web apps against databases. I have been able to move my GIS .NET development to the Esri JS API except for the proxy information, but is there a secure way to use JavaScript for interaction with just a database?
Ideally Esri will make the new data layer editable and that would take all limitations away as long as I could relate data geographically. That will take care of some, but probably not all. Any ideas? Or should I stick with .NET for talking to the server securely?
Thanks.
Hi Chris,
On the server side you may still need some .NET, in order to provide the necessary DB and security interaction. I would propose you take a look at the Web API framework from Microsoft. It provides the necessary components to create a secure REST API, which you can then easily consume with a JavaScript client (we use AngularJS here).
Cheers, Chris
Use .NET to write out some DB queries as JSON (I use MVC4). Then use AJAX on the client side to grab the JSON and handle the parsing using the linq.js library.
It's not looking like I can move away from .NET completely. Thanks for the input. I found it helpful.
You can access your database through ArcGIS Server services. You're not personally writing SQL anymore but you're not using .NET anymore either.
As long as your website and ArcGIS Server are on the same machine (or you're using the Web Adaptor) you might not need the proxy either.
I'm not sure how I would write to a database outside of feature editing and some of my tables that I want to edit may not have GIS information in them.
I wouldn't recommend accessing a database from client-side JavaScript if the reason you're attempting to do so through a proxy is so you can have an encrypted channel between the browser and the client. Client-side JavaScript is inherently vulnerable, so the encrypted channel is attempting to use a padlock to keep anyone from getting into a paper bag.
If someone wants to get at your database and can't get through the encrypted channel, they'll just modify your code or inject their own by targeting the browser.
If you are hooked on the idea of a JavaScript-based access layer, I'd suggest using NodeJS server side. If you practice "safe selects" and do not trust any input you get from the client, you can retain control over what queries actually get invoked.
The malicious user who hacked your browser code and passed their own queries over the SQL channel would still be able to pass you their own crafted messages, but as long as you don't accept any input that would imply unsupported things happening, you are still safer this way because the database server cannot apply heuristics to discern safe from evil anywhere near as well as your own application code can.
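One way to implement the "safe selects" idea from the post above, as an added example that is not part of the original thread: the server owns every SQL string, and the client may only name a query and supply typed values. The table, column and function names are hypothetical, and the `$1` placeholders and `{ text, values }` shape assume a PostgreSQL driver such as node-postgres.

```javascript
// Added example; QUERIES, buildQuery and the parcels table are hypothetical.
// Client input never becomes SQL text: it selects a server-defined statement
// by name and supplies values that are validated, then bound as parameters.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

const validators = {
  int: (v) => Number.isInteger(v) && v >= 0,
  shortText: (v) => typeof v === "string" && v.length > 0 && v.length <= 100,
};

// Allow-list of statements. Each parameter is [name, validator], in $n order.
const QUERIES = {
  parcelById: {
    text: "SELECT id, owner, zoning FROM parcels WHERE id = $1",
    params: [["id", "int"]],
  },
  updateOwner: {
    text: "UPDATE parcels SET owner = $2 WHERE id = $1",
    params: [["id", "int"], ["owner", "shortText"]],
  },
};

// Turns an untrusted request ({ name, args }) into { text, values },
// or throws. Nothing from the request is concatenated into the SQL.
function buildQuery(request) {
  if (request === null || typeof request !== "object") {
    throw new Error("request must be an object");
  }
  const { name, args = {} } = request;
  // Own-property check so inherited keys like "constructor" do not match.
  if (typeof name !== "string" || !has(QUERIES, name)) {
    throw new Error("unknown query");
  }
  if (args === null || typeof args !== "object" || Array.isArray(args)) {
    throw new Error("args must be an object");
  }
  const spec = QUERIES[name];
  const allowed = spec.params.map(([key]) => key);
  for (const key of Object.keys(args)) {
    if (!allowed.includes(key)) throw new Error("unexpected argument: " + key);
  }
  const values = spec.params.map(([key, type]) => {
    if (!has(args, key) || !validators[type](args[key])) {
      throw new Error("invalid argument: " + key);
    }
    return args[key];
  });
  return { text: spec.text, values };
}
```

The returned object is what would be handed to the driver's query call; a value containing quotes or SQL keywords stays a bound parameter and never alters the statement.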
You can use ArcSDE with your ArcGIS Server; they can edit and save your data at the same time.
One question on that. Can the REST Services be published as editable?
Sure can. If you set the feature to editable, all the properties can be edited. Can even add files/images. See my post on an ESRI REST API JavaScript class.
JavaScript Class for ESRI REST API | Architecture and Planning